Three countries' intelligence tools sit in the quote your local cops bought, Italian hardware, Israeli Unit 8200 spyware, US ex-special-forces resellers. The same gear used on foreign targets now tracks you on a public road you paid for.

#OPSEC365 081/365 Your neighbors' doorbell cameras record your comings and goings. Ring, Nest, and other video doorbells capture everyone who walks past, not just visitors. Police can request footage. Neighbors share clips on social media. Your movements outside your own home might be documented by devices you don't control. You don't own the cameras recording your comings and goings from your own driveway. You can't control what neighbors install, but you can be aware of coverage. Ring has shared footage with police without user consent in emergency circumstances. Amazon Sidewalk extends Ring coverage beyond properties. Walking past is enough to be recorded and identified.

If you use battle born batteries you may want to... not use them. Great video by Louis Rossmann and Will Prowse

#OPSEC365 080/365 Newspaper announcements broadcast your life events to everyone. Wedding announcements with both families named, birth announcements with baby's name and parents' names, obituaries listing surviving family members and their relationships. These become permanent records indexed by search engines and genealogy sites. Newspaper announcements are indexed by search engines and genealogy sites permanently. You can often write or edit announcements before publication to limit details. Obituaries in particular are goldmines for identity thieves and social engineers, listing maiden names, hometowns, and family relationships.

Comment deserves way more attention. http://social.kikurievy2gz765eyexqbgcdgv4t34md4wjk3aadnwoofjitbkgk3xqd.onion/@yuzuki

BGP hijacking and internet routing security failures. "The Border Gateway Protocol has no built-in security, allowing nation-states and attackers to hijack internet traffic." Pretty Good BGP: Improving BGP by Cautiously Adopting Routes by Karlin, Forrest, and Rexford (2006) https://people.eecs.berkeley.edu/~adj/publications/paper-files/pgbgp.pdf

#OPSEC365 079/365 Library records reveal what you're researching. Books checked out, databases searched, articles requested. While libraries historically protect patron privacy, digital systems create logs. Law enforcement has sought library records, and library database vendors may have access to usage data. Libraries fought for patron privacy for decades. Digital lending systems erased most of those protections quietly. The American Library Association recommends libraries purge records as soon as possible after return. Ask your library about their retention policy.

#OPSEC365 078/365 Online reviews under your real name build a public history of where you go. Google reviews, Yelp reviews, TripAdvisor reviews. Every opinion you post is tied to your profile and maps your movements. That review of your dentist confirms you live nearby. That hotel review confirms you were traveling that week. Every review posted under your real name is a timestamped confirmation of your presence at that location. Use pseudonymous accounts for reviews if location privacy matters. Some platforms require real names for verified reviews, which means deciding whether the verification badge is worth the exposure. Consider whether each review you post reveals something you'd rather keep private.

FBI, Europol, IRS, CipherTrace, Chainalysis, and Elliptic have all tried to break Monero's privacy, six of the most well-funded surveillance operations on Earth, and they're still publishing research papers instead of arrests.

#OPSEC365 077/365 That QR code might not go where you think. Attackers stick malicious QR codes over legitimate ones on parking meters, restaurant menus, and public posters. You scan expecting one destination and land somewhere else. The link could be a phishing page, a malware download, or a tracking URL. Preview QR code destinations before visiting them, and be suspicious of codes in public spaces. Most phone cameras now show a URL preview before opening. Read it before tapping. If a QR code in a public place looks like a sticker placed over something else, don't trust it. When in doubt, navigate to the destination manually instead of scanning.

#OPSEC365 076/365 Browser extensions execute across all tabs and contexts — bank, medical, work — simultaneously. MITRE Pre-ATT&CK PRE-T1119: adversaries build digital footprints across platforms to establish credible personas. A malicious extension does the inverse with one install. Cronk's HIDE/Restrict: enforce access controls limiting visibility. 'Read all data on all sites' bypasses every logical compartment. Separate browser profiles per identity. Extensions don't cross profiles. Create distinct browser profiles per context: work, personal, research, anonymous. Extensions installed in one profile are invisible to another. Never grant broad cross-site permissions inside your primary identity profile — the permission scope defeats compartmentalization.

Members of Congress have private gold elevators, private gyms, dining rooms, they exempt themselves from laws and have a lifetime pension after one term. The people who fund all of it have to abide by an uncountable amount of laws (google it), pay late fees, get pulled over for going 5 mph over the speed limit.

#OPSEC365 075/365 Warranty registrations ask for data they don't need. When you register a product for warranty, they ask for name, address, email, phone, purchase date, sometimes even income range. This data goes to marketing databases, not just warranty files. The warranty itself usually just requires proof of purchase. The warranty doesn't require registration. The registration form exists to collect your data. Most warranties are valid whether you register or not if you keep your receipt. If you do register, use minimal accurate information and skip optional fields. A separate email address for product registrations keeps spam and data collection segregated from your primary inbox.

Same agency that ran COINTELPRO now begs for financial surveillance access, and Monero keeps saying no.

#OPSEC365 074/365 When you sell a home, real estate photos live online forever. Interior layouts, security system placements, window positions, landscaping details. Zillow, Redfin, and Realtor.com cache these images indefinitely. Future occupants might not appreciate having their floor plan public, and you might still appear in photos. Zillow and Redfin cache listing photos indefinitely. The interior of a home you sold years ago is still publicly browsable. Some sites honor removal requests, others don't. When selling, consider what interior details those photos reveal to burglars. After moving, check if your face or possessions appear in previous listing photos.

You work 3 months out of the year for the government. It's not a choice. If you think that money goes towards the roads and shit, you're wrong. They will kill or imprison you if you refuse. I rob you and buy you a 5 dollar sandwich from the 30,000 I stole, this is the logic.

#OPSEC365 073/365 Shared family streaming accounts are a compartmentalization failure disguised as savings. Every profile feeds one behavioral model. Viewing patterns across all users collapse into one household record — one subpoena retrieves everything. The Privacy Spectrum (Polyonymy): distinct identities prevent cross-contamination. Shared accounts dissolve that. Separate accounts per person keeps each person's behavioral record independently non-attributable. Each household member should operate under distinct credentials with no shared payment linkage where avoidable. Viewing behavior, search history, and content preferences aggregated across persons creates a richer combined profile than either alone.

DNS cache poisoning attacks and DNSSEC weaknesses. "The DNS infrastructure is vulnerable to cache poisoning attacks that can redirect users to malicious sites." - 𝗜𝗻𝗰𝗿𝗲𝗮𝘀𝗲𝗱 𝗗𝗡𝗦 𝗙𝗼𝗿𝗴𝗲𝗿𝘆 𝗥𝗲𝘀𝗶𝘀𝘁𝗮𝗻𝗰𝗲 𝗧𝗵𝗿𝗼𝘂𝗴𝗵 𝟬𝘅𝟮𝟬-𝗕𝗶𝘁 𝗘𝗻𝗰𝗼𝗱𝗶𝗻𝗴 by David Dagon et al. (2008) https://astrolavos.gatech.edu/articles/increased_dns_resistance.pdf

#OPSEC365 072/365 A skilled investigator doesn't start with you. They start with a name and a zip code. In the first 30 minutes: ThatsThem links your name to a phone number. That number pulls your address history from Whitepages. Your county clerk has your voter registration with your exact address. PACER surfaces any federal court involvement. Google indexes you across everything. You've been profiled before they've spent a dollar. The first 30 minutes of OSINT on anyone uses entirely free, publicly indexed sources. Voter registration is searchable by name in most U.S. counties. Court records are public. Data brokers aggregate all of it. The investigator isn't hacking anything.

The government will let corporations pump high fructose corn syrup into everything on the shelf, despite heart disease being the #1 killer in America. But you need $35,000 in permits to sell homemade salsa to your neighbor, because you never paid off Congress with lobbyists.